[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F8E3C2F.3050503@snosoft.com>
From: dotslash at snosoft.com (KF)
Subject: Supposed SaS "encryption" weak - Coments and
Infor about wrong claims
Heh watch out for that DMCA.
-KF
Lorenzo Hernandez Garcia-Hierro wrote:
>Dear Paul,
>I've testing your exploit ( good one ) for the supposed html encryption weak
>of SaS.
>I think yo toke the exploit/perl script from a developers site because SaS
>is using an standard of encoding,
>here is the proof :
>variables for function _fwk_filter_encrypt($content)
>$table = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_@";
> $xor = 165;
>as you see it's not encryption , so , you didn't cracked nothing....
>you decoded it !
>the script its not for protect sites information such as passwds or usrnames
>, etc , it is stupid to use it for those things.
>It is only a low protection for people that copy contents ( people that its
>only interested in copying things ) and its not
>for critical uses.
>Another thing:
>here is the code for prepare tables of encoding characters:
>$table = array_keys(count_chars($table, 1));
> $i_min = min($table);
> $i_max = max($table);
> for ($c = count($table); $c > 0; $r = mt_rand(0, $c--))
> array_splice($table, $r, $c - $r, array_reverse(array_slice($table, $r,
>$c - $r)));
>
>the encode sequence:
>
>$len = strlen($content);
> $word = $shift = 0;
> for ($i = 0; $i < $len; $i++)
> {
> $ch = $xor ^ ord($content[$i]);
> $word |= ($ch << $shift);
> $shift = ($shift + 2) % 6;
> $enc .= chr($table[$word & 0x3F]);
> $word >>= 6;
> if (!$shift)
> {
> $enc .= chr($table[$word]);
> $word >>= 6;
> }
> }
> if ($shift)
> $enc .= chr($table[$word]);
>
>--- THE FINAL DECODE SEQUENCE ----
>// Decode sequence
> $tbl = array_fill($i_min, $i_max - $i_min + 1, 0);
> while (list($k,$v) = each($table))
> $tbl[$v] = $k;
> $tbl = implode(",", $tbl);
>
> $fi = ",p=0,s=0,w=0,t=Array({$tbl})";
> $f = "w|=(t[x.charCodeAt(p++)-{$i_min}])<<s;";
> $f .= "if(s){r+=String.fromCharCode({$xor}^w&255);w>>=8;s-=2}else{s=6}";
>
>----
>You see ?
>xD
>So definately not encryption ,
>you are wrong....
>encoding , i know , is a shit form to protect things but its the easier and
>fast form to bind a low protection system for contents.
>here is the javascript used:
>$r.= "function decrypt_p(x){";
> $r.= "var l=x.length,b=1024,i,j,r{$fi};";
> $r.=
>"for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){{$f}}do
>cument.write(r)}";
> $r.= "}decrypt_p(\"{$enc}\")";
>
>CONCLUSIONS:
>- I think , i can be sure checking this later , you copied the exploit code
>from a developers site.
>- You were first wrong saying that the Encryption system is cracked , asyou
>see you dind't cracked nothing !!
>you decoded a simple xor sequence w00w!
>- Your claims saying i have lots of free time for [-] other sites[-] its
>completely inapropiatted,
>first of all:
>- i don't make these things for famous , just for fun and hobby
>- i don't say false things
>- sometimes i'm wrong ( i'm human ) or lots of times ! but the important
>thing is that i recognice my errors.
>
>--
>Thank you and next time do a better research.
>Best regards to all the members of Ful-Disclosure.
>-------------------------------
>0x00->Lorenzo Hernandez Garcia-Hierro
>0x01->/* not csh but sh */
>0x02->$ PATH=pretending!/usr/ucb/which sense
>0x03-> no sense in pretending!
>__________________________________
>PGP: Keyfingerprint
>4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
>ID: 0x91805F5B
>**********************************
>No Secure Root Group Security Research Team
>http://www.nsrg-security.com
>______________________
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
Powered by blists - more mailing lists